Dec 19, 2013

A few months ago I wrote about using CyanogenMOD along with a number of security tools to try to limit the amount of spying the NSA can do on your phone. Sure, some things you can't prevent. Things like the NSA capturing your cell phone location information from towers and such, but my article should have been able to prevent anything from Google (Complicit in the PRISM program) from sending your information to the NSA.

Well I just upgraded my phone to CyangogenMOD 10.2.0 and after the upgrade I went to check my version to ensure the upgrade went okay and I noticed the following:

Yes, you saw that correctly. CyanogenMOD ships with SELinux installed by default. You are probably saying, "so what?"

If you've never heard of SELinux here is a description from the NSA's website (NSA is the creator of SELinux):

As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's Trusted Systems Research Group, formerly the National Information Assurance Research Laboratory, have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.

That architecture is SELinux. That's right, the very people I was trying to protect against makes some of the software! That means a very REAL possibility of a backdoor in CyanogenMOD!

SELinux is not a backdoor for government agencies to spy on you. It is not PRISM, PROMIS, CARNIVORE, The Great Firewall or any other ominous Big Brother-like initiative.

Oh really CyanogenMOD? Why do you say that? Because the NSA told you so, and they have been so trustworthy lately? Nonsense!

No, if CyanogenMOD really wanted to protect user's data they would scrap SELinux, and go for a true open source alternative like AppArmor.

I guess there really is no good way to try and prevent NSA spying on your personal devices. Not when the NSA is collaborating with most smartphone manufacturers. The only real option is to wait on Ubuntu phones to hit the market. Hopefully that will come to the market sooner rather than later.